At ViaLumina we have been partnering with eDiscovery Journal for some time. We have been feverishly working together on a brand new survey report that we will hope will bring some much-needed definition to the information governance space. Earlier this year, we ran an extensive survey about information governance at eDj, and the results are fascinating. Barry and I are going to talk about these results at a webinar this Thursday, so mark your calendar and stop by. It’s September 15th at 1 pm EDT. Register here.

Barry has already posted some analysis of the survey data on which department should be responsible for information governance so check that out here.

Over the next few days I am going to tease you with some of the survey results. If you want more, did I mention that you should register for the webinar? No? Well you should.

Here is one of the charts from our upcoming report. Come to the webinar for our analysis . . .

What we need, suggests Brenda Zimmerman, a professor at Schulich School of Business in Ontario, is a distinction between the complicated and the complex. It’s complicated, she says, to send a rocket to the moon — it requires blueprints, math and a lot of carefully calibrated hardware and expertly written software. Raising a child, on the other hand, is complex. It is an enormous challenge, but math and blueprints won’t help. Performing hip replacement surgery, she says, is complicated. It takes well-trained personnel, precision and carefully calibrated equipment. Running a health care system, on the other hand, is complex. It’s filled with thousands of parts and players, all of whom must act within a fluid, unpredictable environment.

My wife is a contemporary artist (let’s leave aside the painful discussion of what “contemporary,” and “art” mean), so I spend quite a bit of time in the art world. An article today about FaceBook initially banning – then allowing – a nude drawing from an academic life drawing class caught my eye. I find it nicely ironic that the New York Academy of Art successfully used social media to make the social media giant to squirm. I also think the FaceBook’s rationalization is pretty entertaining. To summarize: “We ban nude photographs, not drawings. But, the the drawing was so lifelike, our reviewer thought it was a photograph, so he banned it. So, take our banning as a compliment.”

Get that guy a job in PR! Oh, wait, he already has one.

In any case, this little story is a perfect representation of why creating and enforcing IG policy is complex. Many suffer from an oversimplification fallacy when it comes to IG. I don’t blame them, its a perfectly reasonable defense mechanism against the true complexity of IG (parts of it are merely complicated; see above). In other words, there is a strong temptation – when faced with the complexity of IG causes and solutions, to claim that there is a single cause, or a single solution. There isn’t.

Further, IG is a moving target, and the problems only get more difficult as an organization grows and matures. This is the problem that FaceBook is, uh, facing. You start off with a simple policy – no nudity on FaceBook – but then one day you wake up and a NY art school is berating your art-hating, censorious ways. Now, like any other organization (company, government, country), FaceBook – as a result of its success – requires a more mature, fine-grained, sophisticated and gasp . . . complicated approach to the issue.

The same thing happens with IG. For example, we typically start off with no email policy. That’s a disaster, so we impose mailbox size restrictions. That’s a farce, so we impose a 90 day deletion policy. That breaks, because now we have PST files growing across the company like black mold and orange ooze, so we turn off PSTs. That breaks, so we get email archiving and turn on unlimited email storage space. That breaks, so we apply our retention schedule in the archive. Etc. etc. etc. Each of these approaches may have worked for a time, but as the company grew, the volume of mail grew, the operating environment got more complex, and a more sophisticated approach was needed.

Maturity models are one way through this – helping us decide how much governance we need, and when we need it. There are plenty of them in the IG space, including ARMA’s, MIKE’s, and several from vendors, so take a look at those. But realize that success and growth will inevitably make your IG environment more complicated. I’m willing to bet that you are already behind – the complexity of your information environment outstripping your ability to manage it. Also, remember that forces outside your control are also conspiring to make the problem more complicated: with more regulation, increasing information volume, and growing complexity in the IT environment a few of those factors.

Now, I don’t want to leave you with the impression that the solution to complexity is more complexity. Some believe that complexity reaches a threshold where the only possible solution is a set of simple, high-level principles (or Checklists). For example, the paragraph I quoted above finishes with, “It takes a set of simple principles that guide and shape the system. For instance: Teach everyone the best practices of doctors who are really good at hip replacement surgery.”

This may be true. But, it still leaves the complicated problem of ensuring that these principles are actually implemented in our technology and human environment.

I’m on my way home from Philadelphia after an interesting and useful AIIM 2010 Expo, and thought I would share some observations. I had many good meetings, saw some good products, learned some new things, and met a bunch of good people. I hope everyone else had a useful trip, and got home safe and sound.

Attendance

The subject of the weather was replaced by the subject of attendance levels as the de rigueur conference small talk. Although I heard varying opinions, the consensus view seemed to be that attendance and the number of exhibitors was low. I talked to a representative from Questex, the show operator, who claimed that this was not the case, with over 12K attendees expected to show up and exhibitor levels better than last year. Who knows? My observation is that it seemed busier than last year, at the height of the recession. Many exhibitor booths (like EMC’s) seemed to be constantly busy.

None of this answers the question whispered in the hallways of almost any big conference in the last couple of years – is the trade show still a viable form of marketing and education? Does anybody learn anything? Does anybody sell anything? Is it just a “vendor echo chamber?” Are we all just going out of some sense of obligation? Do attendees just go to get out of the office, and vendors because they are more afraid of the negative consequences of their absence than they are excited by the ROI of their presence?

I like events like the AIIM Expo for the simple reason that it is energizing and affirming to be surrounded by tangible markers of my profession. I have worked outside a traditional office for a decade, and don’t often have the opportunity to just hang out with people who have the same background or interest in this space. So, I find that rewarding.

But, the biggest reason I find some events useful is that I strive to have a clearly-defined purpose for going. For any event, I define that purpose and use it as a measuring stick: will the event help me achieve my goal, and is achieving my goal worth the cost of going? You goal may be to “get up to date with best practices in my profession,” or “learn what other companies are doing,” or “see the latest technologies” – it doesn’t matter. But, asking whether or not a particular conference – or conferences in general – are “worth it” is the wrong question. The right question is: what is my goal, and is attending the event the best way to achieve it?

You’re Not Keeping Everything Forever?

The last message one might expect to hear at a conference devoted to topics such as “the lifecycle of records and related concepts such as Classification Schemes, Metadata, Security, Retention, Preservation and Disposal,” is that companies should simply keep all information forever. But heard it, I did – in not one, but two, separate keynotes. I have written about this topic many times, including here, and it is truly one of my favorite topics. As you may guess I, ahem, beg to differ with this position.

To be fair, the first time I heard it, the speaker actually used the term “data” and she was really mostly talking about “research data” and she was from a research organization. So, I’ll give that one a pass.

The second time I heard it, it came from a senior Google representative who apparently been asked to come to Philly to provide a sixty minute commercial. Because, you know, they have a hard time getting their message out otherwise . . . Anyway, like many others, I’m a fan of many Google services, and they have increasingly become a big part of my personal and business life, from Gmail to the fabulous Google Voice. Clearly they are doing transformative work in the consumer space.

But, do they get the enterprise?

The presentation left little doubt that they have a pretty good understanding of their own enterprise. Cyrus Mistry, the speaker, did a funny and engaging presentation about life at Google. Some of the highlights were:

By default (at least, culturally) all information is published to everyone at Google seconds after it is created

All information is stored in the cloud and instantaneously available on any platform – including your smartphone

Nothing is ever thrown away, e.g., Cyrus mentioned that he has 200 or 300 GB of email in the Google cloud

But, the primary message was not just, “this is way Google works,” but, this is the obvious and inevitable way that all organizations should work – and will work in the future. Anything less is laughably complex, outdated, stodgy, unnecessarily controlling, and stifling to innovation and to the very soul of the employee.

Apparently, in the coming information utopia:

Nobody is lazy.

Nobody is malicious.

Nobody sues anyone.

Nobody creates any information that shouldn’t be shared instantly with everyone in the entire organization.

There is no risk associated with information – only value and upside.

You are completely free as an organization to manage information as you please – no-one outside the company is dictating this to you.

Nobody wants to browse through information to find what is relevant to them.

In this vision, the lifecycle of a record is less of a cycle, and more of an infinity symbol. The content is created, it is shipped to the cloud, and there it resides in a big pile – forever.

Do I think there are compelling elements to this vision?

Of course.

Do I think this is the way information should be managed inside the developer community of a software company?

Sure.

I worked for many years in the software business and learned that the high tech world and its engineers often have a charmingly naive view that the way they work is the way that everyone should work. In fact, this tendency has been the downfall of many brilliant software companies as engineers diligently developed the most incredible solutions for problems that didn’t exist – fighting with sales and marketing all the way as they flew the plane into the crash site.

Now, am I saying that Google’s vision of information management won’t be be successful, or at least highly influential? Hey, I’m not that charmingly naive (well, maybe naive, but certainly not charming). However, the information reality for most of my clients is something more like this:

Some people make mistakes.

Some people are malicious.

They are getting sued all the time, and suing other parties all the time.

There are tens of thousands of external regulations, requirements, contractual obligations, industry standards and other factors that dictate they way they need to manage information.

Information creates risk – as well as value – and they want to get rid of the stuff that has no value.

They create terabytes of information that cannot be shared with everyone all the time and they will experience serious weeping and gnashing of teeth if even the smallest amount of this information is shared.

At least some of the organization wants and needs to browse through information by category.

I want information management to get much much better and much simpler. Innovation and new approaches are needed. I’m not arguing for complexity and command-and-control. But, I think that information management for many – if not most – large companies is very complex and the problem is not solved by keeping everything forever.

All SharePoint All the Time

The AIIM Expo was a coming out party for SharePoint 2010 in the AIIM community, and generated a lot of interest and discussion. Microsoft bolstered its vision of SharePoint-as-platform by hosting several partners with value-added products and services in stand-up kiosks. In addition, there was a SharePoint-specific track at the show that seemed pretty well attended.

SharePoint continues to rapidly penetrate the information management market, with an increasing number of organizations seeking to leverage the platforms’ records management capabilities – especially the new features of SharePoint 2010.

I see this causing some pretty interesting conflicts at client organizations.

The success of the product and its growing records management feature set has brought it to the attention of stakeholders that in the past were not likely to be involved in a SharePoint implementation project. These stakeholders include professionals like lawyers who are concerned about e-discovery; records managers concerned about retention schedule compliance; and compliance and governance professionals who see both opportunity and risk in the platform.

In many cases, this new-found interest in SharePoint is not welcome by the IT professionals actually tasked with implementing, configuring, and managing the product. This can result in significant friction that can delay, derail, or otherwise cause a SharePoint project to underachieve. Often, the new stakeholders are looking for centralized control, closed systems, and detailed oversight, whereas IT is seeking to leverage the intuitive information sharing capabilities of the platform and the ease with which end-users can create and self-administer sites.

SharePoint governance will only be successful if these two camps can find a middle ground, and take a practical approach that focuses on maximizing the business value of the platform while minimizing the compliance and business risk. I advise clients to lock the stakeholders in a room and hammer out the 3-5 governance controls that they can’t live without, and start with that.

Wrap Up

AIIM 2010 was useful for me, and I hope I provided some value here to those that couldn’t make it. To those who did, safe travels, and I will see you soon. In the meantime, let me know what you think of my observations.